
The Financial Services Industry Is Experiencing Record High Breach Costs, a Zero Trust Security Model is the Solution

By Corey Hamilton, Global Financial Services Leader, Security Services at IBM

Financial services institutions are some of the heaviest investors in, and users of, security controls, largely driven by stringent regulatory and compliance requirements. As a result, this sector has elevated itself to one of the most secure verticals in the world. However, these organizations remain a top target for cybercriminals chasing high-reward paydays, given the sensitive nature of the data they manage and their integral role in our global economy. In fact, a recent IBM X-Force report found that this industry was the second most attacked in 2021.

These persistent and novel attacks have led to higher breach costs for financial services organizations. According to IBM’s 2022 Cost of a Data Breach Report, the average cost of a data breach in financial services was $5.97M, 13% higher than the $4.35M global average. The study also found that cybercriminals are diversifying their methods of attack to find a way into these organizations, with attack vectors including compromised credentials (19%), phishing (16%) and cloud misconfiguration (15%). This demonstrates that attackers are becoming more sophisticated in their methods.

The data in this report reveals there is more work to be done to thwart these attackers and mitigate the rising cost of data breaches. There are several ways banks and financial services organizations can do this, including:

Adopt a zero-trust security model to help prevent unauthorized access to sensitive data. 

Results from the study showed that just 41% of organizations have implemented a zero-trust security approach, yet those with a mature deployment had a potential breach cost saving of USD 1.5 million. As organizations incorporate remote work and hybrid multicloud environments, a zero-trust strategy can help protect data and resources by limiting their accessibility and requiring context before granting access.

Security tools that can share data between disparate systems and centralize data security operations can help security teams detect incidents across complex hybrid multicloud environments. You can gain deeper insights, mitigate risks and accelerate response with an open security platform that can advance your zero-trust strategy. At the same time, you can use your existing investments while leaving your data where it is, helping your team become more efficient and collaborative.

Tackle the root cause of data breaches by investing in security training and awareness. 

One of the principal causes of data breaches is human error, which accounted for 33% of breaches in financial services, second only to malicious attack, which accounted for 45% of data breaches. The figure for human error is as high as we’ve ever seen it, an increase of 8% compared to 2021’s figure of 25%. Staffing and expertise shortages, the great migration, remote work, and organizations digitizing their operations are major reasons why we are seeing such a high rate of human error.

Given this finding, it is vital that your organization invest in educating employees on phishing, scams, and malware-facilitated cybercrime. Every organization has security training at least once a year, but that isn’t enough to thwart sophisticated attackers who are using a broader range of attack methods than ever before. Investing in training will help employees identify and shut down attacks at a faster rate.

Implement artificial intelligence to close the cybersecurity skills gap.

According to the Cost of a Data Breach Report, 41% of financial services organizations have fully deployed security automation, up from 28% in 2021. Automation is being leveraged in this industry more so than in other sectors, like energy and manufacturing. This has only further accelerated throughout the past two years given the number of banks and financial services organizations that have transitioned their data to the cloud and are automating their operations.

Artificial intelligence can be beneficial for a variety of reasons. The technology can extract features and patterns, improve decision making and detect unknown threats. It can help with reasoning, including showing evidence of breaches, help with remediation planning and possible outcomes, and anticipate new threats and next steps. Further, this technology can reduce human analyst burden and decrease reaction time, lessening human error.

We have seen real gains by banks and financial services organizations that are investing in this technology. The Cost of a Data Breach Report found that there was a USD $1.2M cost savings for organizations that fully deployed automation vs. the global average cost of a data breach. It also found that financial services organizations took fewer days to identify and contain a breach, 183 and 52 respectively, compared to the industry average of 207 days to identify and 70 days to contain.

Create and test incident response playbooks to increase cyber resilience. 

Two of the most effective ways to mitigate the cost of a data breach are forming an incident response (IR) team and extensive testing of the IR plan. Breaches at organizations with IR teams that regularly test their plan saw USD $2.66M in savings compared to breaches at organizations with no IR team or testing of the IR plan. Organizations can respond quickly to contain the fallout from a breach by establishing a detailed cyber incident playbook. Routinely test that plan through tabletop exercises or run a breach scenario in a simulated environment such as a cyber range.

Opt for specialized clouds. 

Specialized clouds take specific requirements dictated by regulation and privacy mandates for regulated industries into consideration. For financial institutions, for example, they are designed to build trust and have specific features for security, compliance, and resiliency that financial institutions require. They are managed by professionals that understand the unique challenges each industry faces so organizations can confidently host their mission-critical applications in the cloud and transact quickly and efficiently.

In summary.

Financial organizations are facing many headwinds today, from inflation to employee retention and persistent attacks against their organizations. However, investing in exponential technologies, like cloud and AI, and training employees on best practices around them can be a way to help protect against these challenges. This will ensure you are giving employees new knowledge and skill sets, safeguarding sensitive data in the face of malicious attackers, and fighting against the rising cost of data breaches.